根据当前经过身份验证的用户对过滤器进行建模 [英] Model filters based on the currently authenticated user

问题描述

我正在开发一个应用程序，其中为每个用户分配了一个特定区域.例如，用户1属于区域"Phoenix"，用户2属于"Scottsdale"，用户3属于"Tempe".每个用户的区域在region_id列中定义.

I am working on an app, in which each user is assigned a particular region. For example, user 1 belongs to a region 'Phoenix', user 2 to 'Scottsdale', and user 3 to 'Tempe'. The region of each user is defined in the region_id column.

该应用程序具有针对3种不同用户模型的3个单独的防护措施(这是一个具有区域经理，提供商和客户的市场).实际上，应用程序中的每个模型都有一个region_id列，用于标识资源所属的区域.

The app has 3 separate guards for 3 different user models (it's a marketplace with regional managers, providers, and customers). Virtually every model in the app has a region_id column, identifying to which region the resource belongs to.

我想简化查询资源的方式.目前，我正在控制器中直接过滤每个模型/资源，例如:

I would like to simplify how the resources are queried. Currently, I am filtering each model/resource directly in the controller, e.g.:

$customers = Customer::where('region_id', Auth::user()->region_id);

我想在全局级别设置此类过滤器，以确保每个经过身份验证的用户只能看到他们自己区域中的记录.对于显示当前区域中的记录列表特别重要，而不是检查用户是否可以访问/编辑特定的单个记录.

I would like to set such filters at the global level, to make sure that each authenticated user can see records only from their own region. It is important particularly for displaying the list of records in the current region, not checking whether the user can access/edit a particular single record.

我研究了查询范围，但我无法与他们一起访问当前经过身份验证的用户.我可以访问当前用户的唯一情况是在闭包中定义了全局范围，但这违反了不必在每个模型中定义相同逻辑的目的(即，我无法将过滤逻辑提取到查询范围类中) ).

I have looked into Query Scopes, but I am not able to access the currently authenticated user withing them. The only case when I can access the current user is when the global scope is defined in a closure, but this defeats the purpose of not having to define the same logic in each model (i.e. I cannot extract the filtering logic to a query scope class).

有什么好的替代方法要考虑?如何基于当前经过身份验证的用户的属性设置全局模型过滤器?

What would be a good alternative approach to consider? How can I set the global model filters based on a property of a currently authenticated user?

推荐答案

我在GitHub上的Laravel Framework问题跟踪器上发布了一个类似的问题，作为可能的错误(不确定是否会发生这种现象)，并在那里找到了答案.

I posted a similar question as a possible bug (was not sure whether this behavior was something expected) on Laravel Framework issue tracker on GitHub and found the answer there.

结果是，您无法在全局查询范围构造函数中访问经过身份验证的用户，但可以在apply()方法中对其进行访问.

Turns out, you cannot access the authenticated user in the global query scope constructor, but it is accessible in the apply() method.

所以代替:

public function __construct() {
    $this->region_id = Auth::user()->region_id;
}

public function apply(Builder $builder, Model $model)
{
    $builder->where('region_id', $this->region_id);
}

我必须做:

public function apply(Builder $builder, Model $model)
{
    $region_id = Auth::user()->region_id;

    $builder->where('region_id', $region_id);
}

在GitHub 此处上链接到该问题.

Link to the issue on GitHub here.

这篇关于根据当前经过身份验证的用户对过滤器进行建模的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！